CVE-2024-39493

July 10, 2024, 8:15 a.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Linux kernel

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

Tags

CVE-2024-39493 details

Published : July 10, 2024, 8:15 a.m.
Last Modified : July 10, 2024, 8:15 a.m.

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak Using completion_done to determine whether the caller has gone away only works after a complete call. Furthermore it's still possible that the caller has not yet called wait_for_completion, resulting in another potential UAF. Fix this by making the caller use cancel_work_sync and then freeing the memory safely.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
This website uses the NVD API, but is not approved or certified by it.